Communication Privacy Management Theory and Health and Risk Messaging

Summary and Keywords

Communication privacy management theory (CPM) argues that disclosure is the process by which we give or receive private information. Private information is what people reveal. Generally, CPM theory argues that individuals believe they own their private information and have the right to control said information. Management of private information is not necessary until others are involved. CPM does not limit an understanding of disclosure by framing it as only about the self. Instead, CPM theory points out that when management is needed, others are given co-ownership status, thereby expanding the notion of disclosing information; the theory uses the metaphor of privacy boundary to illustrate where private information is located and how the boundary expands to accommodate multiple owners of private information. Thus, individuals can disclose not only their own information but also information that belongs to others or is owned by collectives such as families.

Making decisions to disclose or protect private information often creates a tension in which individuals vacillate between sharing and concealing their private information. Within the purview of health issues, these decisions have a potential to increase or decrease risk. The choice of disclosing health matters to a friend, for example, can garner social support to cope with health problems. At the same time, the individual may have concerns that his or her friend might tell someone else about the health problem, thus causing more difficulties.

Understanding the tension between disclosing and protecting private health information by the owner is only one side of the coin. Because disclosure creates authorized co-owners, these co-owners (e.g., families, friends, and partners) often feel they have right to know about the owner’s health conditions. The privacy boundaries are used metaphorically to indicate where private information is located. Individuals have both personal privacy boundaries around health information that expands to include others referred to as “authorized co-owners.” Once given this status, withholding to protect some part of the private information can risk relationships and interfere with health needs. Within the scheme of health, disclosure risks and privacy predicaments are not experienced exclusively by the individual with an illness. Rather, these risks prevail for a number of individuals connected to a patient such as providers, the patient’s family, and supportive friends. Everyone involved has a dual role. For example, the clinician is both the co-owner of a patient’s private health information and holds information within his or her own privacy boundary, such as worrying whether he or she diagnosed the symptoms correctly. Thus, there are a number of circumstances that can lead to health risks where privacy management and decisions to reveal or conceal health information are concerned.

CPM theory has been applied in eleven countries and in numerous contexts where privacy management occurs, such as health, families, organizations, interpersonal relationships, and social media. This theory is unique in offering a comprehensive way to understand the relationship between the notion of disclosure and that of privacy. The landscape of health-related risks where privacy management plays a significant role is both large and complex. The situations of HIV/AIDS, cancer care, and managing patient and provider disclosure of private information help to elucidate the ways decisions of privacy potentially lead to health risks.

Communication Privacy Management (CPM) theory and research are useful to understand the nature of decision making in the context of health risks. CPM theory taps a common, everyday understanding of choice making that can help readers recognize the risks inherent in disclosing or concealing health-related information. CPM literature identifies reasons individuals may decide to share private information (e.g., Ebersole & Hernandez, 2016; Greenberg & Smith, 2016). For instance, individuals may be motivated to disclose as a catharsis, or in pursuit of social support such as comfort or help. They may disclose for other-focused reasons including situations where individuals have the right to know or because others would benefit from knowing. Individuals may also share information to enhance a relationship, thereby strengthening bonds they have with a person. Additionally, individuals may be forced to share by a deliberate confidant who compels or coerces the information owner to disclose. Likewise, sharing private information can occur when there is a necessity to disclose as may happen when a reticent person needs to reveal symptoms or information essential to determine health needs.

Similarly, individuals may refrain from sharing their personal information for self-focused reasons such minimizing negative affect or rejection. Often individuals conceal information for “other-focused” reasons as well. For example, people use non-disclosure to protect others from hurtful news. In addition, individuals may conceal their private information for relationally focused reasons such as preserving their relationship and protecting their family.

As Petronio (2002) points out, CPM theory argues that individuals believe they own their private information and have the rights to control that information. By using the metaphor of “privacy boundaries” CPM theory provides a way to visualize where private information resides. CPM also points out that a person’s privacy management system is only activated when others are involved. That is, telling others your private information can be necessary, especially in healthcare; nevertheless, making a disclosure opens the privacy boundary to others thus complicating levels of control. Keeping private information secret shuts the privacy boundary and stops the flow of information with no need for privacy management. For others to be involved, the owner of the information (i.e., the patient, the clinician, the patient’s loved one) has to make choices about revealing in the first place. Individuals use “privacy rules” to control when, how, and why others might have granted access to their information. These privacy rule choices are influenced by “decision criteria” such as motivations, culture, and risk-benefit calculus. In deciding whether to reveal of conceal, individuals often consider the goals they want to achieve.

Consequently, once the “information owners” chose to share their private information with others, those others become “authorized co-owners” of that information Co-owners are explicitly or implicitly expected to take care of the owners’ information, typically in the same way that owners manage the information themselves and make the same choices as the owners about access. However, because everyone has his or her own definition of what private information means, at times it is difficult for authorized co-owners to manage another person’s privacy boundary. As a consequence, privacy management breakdowns occur, which Petronio (2002) labels as “privacy turbulence.”

While privacy turbulence refers to problems within the privacy management system that are instigated by both disclosers and recipients, these incidents also help individuals to recognize the circumstances where privacy rules need to be changed or adjusted to fit a person’s needs. Let us consider Jan’s experience when she was in the hospital. As a patient, Jan felt her privacy was compromised when she discovered that her clinician discussed her case with his colleague, a clinician Jan had never met. She felt angry and betrayed because Jan believed she should have been asked for her permission. To deal with this breach she used a privacy management strategy that changed her privacy rules. She restricted further information access by finding a more “trustworthy” doctor. However, her original clinician was perplexed as to why she made such a rash decision.

As the above example points out, information owners do change their privacy rules in response to incidences where they feel vulnerable. However, co-owners may not understand the reasoning behind the action. Because judgments about revealing or concealing private information are not always communicated to others, there is a potential for co-owners to face ambiguity concerning what privacy rules the owner wants used to decide disclosure. Within the context of health, these privacy management decisions potentially carry a high risk in judging the level, kind, and amount of revealing or concealing.

CPM has been applied in several contexts that examine the way individuals consider whether to share or avoid sharing their private health-related information. The following is not an exhaustive list, but it provides insight into health contexts in which CPM has been applied. Researchers have explored how couples discuss their miscarriage experiences with close others (Bute & Brann, 2015), privacy issues concerning conceiving via in-vitro fertilization (Rueter et al., 2016), infertility (Steuber & Solomon, 2012) or decisions to undergo vasectomy (Rauscher & Durham, 2015). Scholars have also examined how family members share family history (Hovick, Yamasaki, Burton-Chase, & Peterson, 2015) or talk about genetic risk for cancer (Rauscher, Hesse, Miller, Ford, & Youngs, 2015). The theory has been used to understand sexual disclosure (Coffelt & Hess, 2014; Coffelt & Olson, 2014; Denes & Afifi, 2014, Faulkner & Mansfield, 2002; Miller et al., 2009) and disclosure of sexual abuse (Petronio, Reeder, Hecht, & Ros-Mendoza, 1996; Petronio, Flores, & Hecht, 1997; Pluretti & Chesebro, 2015; Staller & Nelson-Gardell, 2005). While instances of ambiguity about reasons for revealing or concealing private health information occur in most health contexts, the challenge becomes more complex when the health-care stakes are high as seen with illness such as HIV/AIDS and cancer (Greene, Derlega, Yep, & Petronio, 2003).

HIV/AIDS Risks and Managing Privacy Disclosures

Individuals with HIV/AIDS often struggle formulating effective privacy rules for a disclosure because their choices are frequently confounded by having two equally difficult choices (Greene et al., 2003). On one hand, they are keenly aware that disclosure might result in receiving social support or medical care. Yet, on the other hand, disclosing can lead to serious personal and relational consequences, especially within health-care contexts. As a result, the decision to disclose or protect information about HIV/AIDS status has radical implications for risk (Greene et al., 2003). For example, patients with HIV/AIDS fear disclosing to their providers due to concerns of mistreatment, or in the case of dental care, refusal of treatment (McCarthy, Haji, & Mackie, 1995). Fear of mistreatment can significantly compromise the level of care a patient receives. Not knowing specific symptoms or conditions experienced by the patient increases risk and affects overall care. Yet, a level of trust is imperative to receiving health care. Previous encounters with health-care providers not cognizant of privacy dilemmas HIV/AIDS patients likely heighten the stress patients face in seeking health care. When doctors neglect to provide a trusting environment and do not pay close attention to the comfort level of the patient, disclosures about health concerns may be withheld by the patient. By seeking to understand what drives disclosure and non-disclosure decision making, health-care providers may become more aware of how HIV/AIDS patients perceive the ramifications of disclosing or protecting their status information. Gaining these insights likely would provide a better understanding of how and when patients feel conflicted about wanting to disclose or conceal pertinent information to a provider. Doing so may afford insights into the patients’ logic of choice about allowing others into their privacy boundary.

An important point CPM theory makes concerns the presumption of responsibility once information is disclosed to others. The action of revealing presumes the recipients are perceived as authorized co-owners of the owner’s information. As such, information owners have an expectation that recipients invited into their privacy boundary will be faithful guardians of their information. They may give a co-owner some privacy rules to follow or presume friends would know not to disclose this information to anyone else.

However, because the information has been passed between the information owner and the co-owner, there is always the potential for the co-owner to misunderstand the way information owners want their privacy treated to protect the disclosure. As a consequence of fearing negative responses to an HIV-positive status, research shows that individuals who become HIV positive take into account new or different privacy rules (Greene et al., 2003). In many ways, therefore, the diagnosis works as a catalyst for revamping the way that privacy is defined and regulated. The possibility of experiencing negative consequences of being treated without respect, feeling rejection, relational dissolution, experiencing blame for infecting partners, fearing accusations of infidelity and being refused medical care carry a weight that creates a need for a different kind of privacy management (Derlega, Winstead, Greene, Serovich, & Elwood, 2004; Greene et al., 2003). However, finding an effective way to make privacy rule changes is complicated by fear and high levels of vulnerability for individuals living with HIV/AIDS. As a consequence, many continue to struggle with a number of critical privacy issues.

Research shows that even though HIV/AIDS has been on the world’s radar screen for decades, individuals living with HIV/AIDS continue to report that their fears have not necessarily been diminished. The reality of enduring negative consequences when disclosing remains a mainstay of their everyday life. There are continual episodes where individuals living with HIV/AIDS are stigmatized and publicly embarrassed; disclosing can also harm relationships and lead to feelings of abandonment, bodily harm, and refusal of medical care (Gaskins et al., 2012; Lee, Li, Iamsirithaworn, & Khumtong, 2013; Linda, 2013; Tenzek, Herrman, May, Feiner, & Allen, 2013; Rouleau, Cote, & Cara, 2012; Valle & Levy, 2009; Walcott, Hatcher, Kwena, & Turan, 2013).

As this body of research points out, changing privacy rules in reaction to privacy turbulence that erupts when expectations fail and privacy rules malfunction is a way for individuals living with HIV/AIDS to protect themselves and their ownership over their status information. There is a tendency to combat these disclosure risks by constructing rigid privacy boundaries around the information. Individuals are inclined to select specific, close others with whom to share the information and otherwise actively conceal the information. These privacy boundaries are thick and make it difficult to access the information. The protection strategies appear to be consistent across cultures.

For example, research shows that individuals living with HIV/AIDS in South Africa recalled traveling to distant clinics or hospitals to avoid neighbors seeing them entering the local HIV/AIDS care facilities (Linda, 2013). Other South Africans explained that they take their medication in hiding, and sometimes avoid social outings, in order to protect themselves from others finding out about their health status. When selecting disclosure recipients, individuals living with HIV/AIDS prefer close, tried and true others who will not further reveal the information or reject the discloser (Gaskins et al., 2012; Linda, 2013; Rouleau et al., 2012; Xiao et al., 2015).

Studies also found that women in Quebec constructed their boundaries surrounding their HIV/AIDS status information by selecting to share only particular pieces of information and only with select others (Rouleau et al., 2012). Preferred recipients can be categorized by relational role with an order of preference where disclosures are most often made to families first, then partners and friends afterward (Lee et al., 2013; Linda, 2013). Families can play a significant role in protecting members who are HIV positive. A study of individuals living with HIV/AIDS in Namibia finds that some families serve as information co-owners and work together to protect the diagnosed family member. The families frame the health information as a secret, and they actively conceal the diagnosis in order to protect their family member from negative consequences (Smith & Niedermyer, 2009). On the other hand, as noted above, partners are not always informed of the diagnosis (Gaskins et al., 2012; Xiao et al., 2015).

While the existing research points to certain directions concerning privacy management of individuals living with HIV/AIDS, there is still important and unfinished business. The fact that partners may not be informed of the diagnosis highlights an important goal yet to be reached. We need to learn more about why and what circumstances drive non-disclosure, especially when considering consequences for partners. Privacy rules used to guide revealing and concealing are often idiosyncratic because disclosers and recipients may have different definitions of what constitutes private information. Locating underlying factors that influence privacy decision making, such as how risk-benefit is calculated and what motivates potential disclosers to tell or not tell may prove helpful. The high risk of non-disclosure, especially to partners, continues to be an issue (Greene et al., 2003). Reluctance to disclose creates numerous problems and can be hazardous for all involved. As such, better understanding of the reasons for telling or not telling and getting a better grasp on the goals HIV/AIDS patients have for privacy management within the health-care context likely would help reduce risks for the patient and provide more effective care.

Cancer Care Risks and Managing Privacy Disclosures

During the course of receiving a diagnosis of cancer, trying to understand the meaning of a treatment plan, and coping with a prognosis, the journey of living with cancer entails many instances of privacy management (Petronio & Sweeney-Lewis, 2010). Approximately 40% of men and women in the United States will be diagnosed with cancer in their lifetime (National Cancer Institute, 2016). Despite improving cancer treatments, a cancer diagnosis instills fear, uncertainty, and distress in cancer patients and their loved ones (Hagedoorn, Sanderman, Bolks, Tuinstra, & Coyne, 2008). In addition to treatment decisions, cancer patients face several communicative decisions, often negotiating competing tensions between privacy and disclosure (Donovan-Kicken, Tollison, & Goins, 2012; Petronio, 2002). For example, cancer patients have to determine who they will tell their diagnosis to (Koskan et al., 2014), how and if they will share treatment updates (Donovan-Kicken, Tollison, & Goins, 2011), and how they will generally discuss or portray their cancer journey with others (Bevan & Pecchioni, 2008; Donovan-Kicken et al., 2011). Patients and loved ones recognize the risk in discussing cancer from both sides. For the patient, there is a need to talk about a cancer diagnosis to start the sense-making process. Nonetheless, cancer patients may choose to hold back disclosure because they do not want loved ones to worry (Donovan-Kicken et al., 2011; Manne et al., 2007). Nevertheless, there are many points of tension because partners, friends, and families believe that they have a “right” to know given they already are considered authorized co-owners of other equally private information belonging to the patient.

Guarding risk can activate cancer patients’ awareness of a need to change their privacy management system. For example, patients likely consider what information they should disclose, how soon after they know about their diagnosis that they raise the topic with family members, and ultimately make a decision about whether they reveal their diagnosis and prognosis to family members, friends, and partners. Cancer patients may also consider withholding the information altogether, thereby closing their privacy boundaries surrounding this information. Making a decision to avoid disclosing cancer-related topics altogether calls into action a reformulation of privacy rules that are likely to better fit their current needs. In so doing, cancer patients judicially select who to tell, when to tell, how much to tell, and when to withhold information from authorized co-owners. Consequently, cancer patients tend to actively reflect on making these privacy rule changes to guide judgments about how to grant or deny access to their health status in this newly constructed privacy boundary (Ngwenya, Farquhar, & Ewing, 2016; Smith & Brunner, 2016).

Although many cancer patients may initially think about these issues, it is difficult to predict all the circumstances that might arise over the course of treatment and prognosis. As such, there are always changes in privacy rules and situations where things do not go as planned. In cases such as these, CPM argues that the privacy management system becomes turbulent, giving notice to the information owner that more corrections in privacy rules are in order. Consequently, experiencing privacy turbulence is actually helpful for patients in these circumstances to become more mindful of their needs to recalibrate their privacy boundary and gain more control over their privacy.

There are many ways in which CPM (Petronio, 2002) provides great utility in understanding the communicative struggles faced by cancer patients. One of the consistent ways that patients tend to think about their cancer diagnosis is through the notion of information ownership. As CPM argues, because patients believe they own their private cancer information, they also believe they have the right to control who else knows, how much they know, and whether or not they will share the information with others. As a result, the assumptions made about ownership and control of private health information have the potential to prompt a level of health risks. Research demonstrates this type of risk in communicating about cancer-related topics within partner relationships. For example, if one partner resists communication while the other pursues further knowledge about the cancer condition, the tension can lead to risks that may hamper needed support. This is particularly true when partners have communication needs, but patients are unwilling to engage in cancer-related conversations (Venetis, Magsamen-Conrad, Checton, & Greene, 2014).

Because health information is almost always considered personal and private information, there is an expectation that information owners determine how their information may be shared or managed. They also have certain expectations about what happens to their information when someone else has access. In exploring how cancer patients navigate revealing and concealing their diagnosis, the notion of ownership rings true. For example, in a recent interview-based investigation of lung cancer patients and their family members, patients explicitly describe that the cancer diagnosis and related information as belonging to them exclusively (Ngwenya et al., 2016). This perception is true regardless of whether the family members believe that they have rights to the information too. Participants describe that they alone should be able to make information management decisions, including judgments to avoid disclosure or avoid sharing certain kinds of information.

Interestingly, patients often invoke information ownership and control dialogues with others to reinforce the integrity of maintaining their own privacy boundaries. In certain cases, these actions are aimed at carefully maintain privacy boundaries, information ownership rights in an effort to regain a clear sense of control that they feel is jeopardized after receiving the cancer diagnosis (Donovan-Kicken et al., 2011). As one cancer survivor described, “I think it [making decisions about how to discuss my cancer] helped me control something, you know? There’s so little you can control in cancer, but I think it helped me control something” (Donovan-Kicken et al., 2011, p. 318).

Information ownership and corresponding control extends to disclosure decisions of when and how to share information. Cancer survivors discussed how they wanted to reveal their information on their own terms (Donovan-Kicken et al., 2011). For example, participants described their decisions to share only some of their information and calculated waiting to tell others. The act of waiting allowed them to both collect more information as well as to determine how to present the information as framed in hope and optimism.

Keeping loved ones in the privacy boundary surrounding information about the illness serves to decrease a loved one’s fear and uncertainty (Chernichy-Karcher, Venetis, & Lillie, 2016). These conversations can help both the patient and loved ones in the information loop, thereby serving as an important means of social support. However, information management decisions also extend to judgments to withhold certain information or avoid the topic altogether (Donovan-Kicken & Caughlin, 2010). Patients often take a proactive role in managing who is allowed to know the diagnosis and prognosis, for example, and how much information they want to reveal. Family members, partners, and friends often assume the role of co-owner and expect that the patient would want to share information and decisions. Yet there are times when patients may not want their health information disclosed to all family members or are incapable of active privacy management (Petronio & Sweeney-Lewis, 2010).

There are many complications in harnessing the ability to manage one’s own private information especially when patients are very ill and lacked the opportunity to personally manage their privacy boundary around information about the illness. Not having a chance to make those judgments may lead to a particular family member or friend to the belief that the patient does not trust his or her knowing too much about the patient’s situation. On the other hand, the patient can feel completely at the mercy of others and out of control in managing where information goes and how it is framed by other individuals. Sometimes individuals in the patient’s network, such as partners or friends, take it upon themselves to overstate the condition of the patient or underestimate the severity of the issues. The privacy boundaries break open and can result in damaging personal relationships.

On the other hand, friends and families may also recognize the ownership and control rights of the patient, and their knowledge may depend on when the patient decides to give them information. Friends and family of lung cancer patients, for example, described that they preferred patients to determine how to manage the information, and then they accommodated the patients’ preferences (Ngwenya et al., 2016). However, in this study, close others pointed out that it can be challenging to fulfill patients’ information management expectations and that those expectations may diverge from their own privacy management preferences (Weber & Solomon, 2008).

Conversely, these close others also noted that they felt it was their responsibility (as co-owners) to allow patients to dictate how patients, as information owners, wanted the information shared. This suggests there is potential risk in inadequate co-owner privacy management. Should co-owners reveal, discuss, or avoid engaging in cancer-related communication differently than expected by cancer survivors, they risk the potential for privacy turbulence and subsequent relational consequences.

Studies also demonstrate that friends and family prefer patients to set the communicative tone and as co-owners make an effort to embrace survivors’ privacy expectations. For example, one dyadic investigation of cancer patients and partners found that cancer patients are given latitude and license to talk about their cancer experience with their partners so they can unpack this difficult time in their lives (Venetis et al., 2014).

Partners, on the other hand, can become sensitized to the patients’ messages about their cancer experience. For instances, when partners perceive that patients are unable or unwilling to discuss a cancer-related topic, partners are less likely to pursue that topic, even if doing so creates a sense of burden for the partner (Venetis et al., 2014). The lack of disclosure and closed privacy boundaries by the patient may have a long-term effect making requests for disclosure by partners feel risky.

Research shows that the sense of risk by partners tends to compound efficacy such that partners may not be able to support the patient in useful ways (Venetis, Greene, Checton, & Magsamen-Conrad, 2015). There are many reasons partners report reduced efficacy. For instance, they may not feel confident in addressing the topic (i.e., patient pain, the future, fear of death), and also may not feel certain about ways to approach specific aspects of the cancer journey (e.g., prognosis). As these points suggest, the outcome for partner apprehensiveness to initiate conversations about cancer may have more inherent risk for partners than patients.

Partners may carry around the burden of knowing without the license to discuss the information with the patient or others. As can be imagined as a marital partner, being locked out of conversations and a means to understand the experience a loved one is having can be devastating. Patients and long-term partners who likely have relationally built dyadic privacy boundaries brings into question the privacy rules they created to regulate co-owned relational information. Many times the privacy rules for access or protection developed by couples are focused on privacy management regarding individuals outside of their dyadic privacy boundary.

Couples accustomed to discussing all aspects of their lives with each other may have difficulty changing the privacy rules of access during illness. Being shut out in a time when it is helpful for both partners to process the ordeal can result in frustration and long-term risks to the partner, patient, and their relationship. Thus, there exists a state of privacy turbulence triggered by unforeseen changes to privacy rules in a time when both parties need to communicate with each other (Venetis, Greene, Checton, & Magsamen-Conrad, 2015).

Patient-Provider Risks in Managing Privacy Disclosures

As the previous discussion shows, there are a number of issues found in regulating private information within types of illness. There are also risks situated in communication that occur between patients and those who provide health care across types of illness. There are choices made about disclosing and concealing private health information that complicate patients’ ability to receive and providers’ ability to deliver health care. For instance, there are times where patients withhold symptoms from their physician because they are not able to cope with facing bad news about their health. Nevertheless, withholding can carry risks such as delaying treatment, experiencing anxiety about the unknown, or worrying about feeling embarrassed if the symptoms do not turn out to be problematic. Likewise, physicians can be reticent to disclose a patient’s prognosis because they might not be ready to face telling the patient bad news. On both sides, the management of private information can lead to jeopardizing the level of care. The intersection of the privacy management on the part of the patient to provider and privacy management on the part of the provider to the patient both have consequences that can challenge receiving and providing effective health care.

Managing Privacy Disclosures to Providers

Patients seeking health care necessarily reveal private health information in order to receive care. A key to deciding how much information should be disclosed is often activated by the willingness to grant a certain amount of “trust credit points” (see pp. 78–79, Petronio, 2002; Jenkins, Merz, & Sankar, 2005). However, while a certain level of trust credits are given freely by the patient, the level of openness can be misleading. Patients do actively regulate the kind and amount of information they disclose or withhold from healthcare providers (Petronio, DiCorcia, & Duggan, 2012). In times of high stress, patients can engage in incremental disclosures, testing each response to the information they provide (Petronio & Sweeney, 2010). When patients feel comfortable with the clinicians’ responses it is more likely that the patient will accelerate willingness to disclosure.

However, there are a number of situations where patients cannot manage their private health information and they need an advocate (Petronio, Sargent, Andea, Reganis, & Cichocki, 2004). Advocates make judgments about disclosing and decisions for patients regarding medical care to varying degrees based on patients’ needs and the medical team’s decisions. There are many ways advocates stand in for patients. For example, when parents are dealing with a young child who is diagnosed with an unexpected serious illness, as parents they expect be told critical information about their child by the physician and medical team (Duggan & Petronio, 2009). Parents make this assumption because they define all information about their child’s case as belonging to them. Thus, the parents identify themselves as the “proxy-owners” of their child’s medical information because of the child’s age and medical circumstance (Bute, Petronio, & Torke, 2015).

In addition, parents also believe that they have the right to make medical decisions and believe they should be told any information about their child’s case that is critical to those decisions (Duggan & Petronio, 2009). Parents are sources of patient information in these cases and they feel their needs should be honored. While many of these assumptions are consistent with best practices, the stress that parents experience, at times, can put the child’s health at risk. For example, when parents disagree with each other about the best treatment and vie for control, the physician and medical team may find it difficult to resolve. Likewise, the medical team may disagree with the advocates decisions and work to persuade them to select the plan they proposed. As a consequence, the assumptions that patients or parents of patients make about access to outcomes of tests, treatment plans the medical team is contemplating, prognosis, and pertinent information they judge as their right to know can differ from the prospective taken by providers (Petronio, DiCorcia, & Duggan, 2012).

Access to private health information occurs in many different ways. Hospitalized patients, for example, are often surprised at how many individuals have access to their private health information and may find out medical information about themselves by accident (Sankar, Mora, Mertz & Jones, 2003). A study by Braunack-Mayer and Mulligan (2003) offers an example about the surprise factor concerning patients’ assumptions about managing their private information. This patient says:

I am a patient in a special unit where the staff have a meeting every week. They discuss the test results and whatever else they want to discuss. You sort of find out along the way. They don’t tell you what goes on, but you get second-hand information. The nurse will come back and say, ‘At the meeting the doctor said this . . .’ I don’t like them discussing me behind my back (p. 278).

The incident illustrated in this example shows how the nurses’ taken-for-granted work behavior was misunderstood by the patient. The patient defined the nurses’ behavior as a lack of sensitivity regarding this patient’s privacy rules that compromised ownership and control over the patient’s private health information. Circumstances like this can create distrust and have the potential to seal off access to the patients’ privacy boundaries.

Patients believe that revealing private health information to their providers creates a level of clinician responsibility to care for patients’ information. As a result, they are expected to honor the patients’ ownership and control rights concerning the information. However, when these expectations are infringed upon, a measure of trust credits can be lost (Jenkins, Merz, & Sankar, 2005). The risk with losing even a small degree of trust may present situations where patients tend to close their privacy boundary and carefully select information that they tell their doctor. Depending on the perceived risks, patients may change providers in order to feel more comfortable with a different provider. Nonetheless, the aftermath of feeling vulnerable may lead to having more patients who would not be as forthcoming with a new clinician. Patients may engage in “incremental disclosure,” consciously testing the providers’ commitment to recognizing the patients’ ownership and control rights to their private health information by metering or gaging responses to questions providers may ask to learn more about the patient’s needs (Petronio et al., 1996).

The curious issue concerning withholding information from providers, particularly physicians, is the choices of how much, what, when, and if patients disclose information about their health. As mentioned earlier, while some patients use incremental disclosure others treat a visit to the doctor as both social and health-care related: for example, an elderly woman declined to make a follow-up appointment until she could also able to get an appointment at the hair salon. For some individuals, there is a need for “face-management” where patients believe that by being seen in a positive light they will receive better health care from the physician.

Permeability of a privacy boundary and privacy rules guiding choices to reveal or conceal varies depending on the perceived needs of the patient and the context in which health care occurs. In a study investigating patient disclosure to physicians in birth control clinics, the researchers found that these female patients limited or altered information they told the physician (Lewis, Matheson, & Brimacombe, 2011). This research also notes that patients with a general orientation toward high permeable privacy boundaries tend to fully disclose to their physician. Nevertheless, physician characteristics such as friendliness positively influence the patient’s privacy rules guiding decisions to disclose.

This discussion frames some of the issues surrounding the way that patients navigate balancing their health-care needs with actively managing their private health information. As this discussion about patient disclosure to providers (in particular physicians) accounts for the fact that patients actively regulate their private information because they believe they own and should control their private information even when they grant physicians license to be an authorized co-owner.

Managing Privacy Disclosure to Patients

Physicians serve in a confidant role where patients are concerned. Not clarifying expectations often means that physicians depend on their own privacy management rules for how to treat patient information. At times there is a disconnection between the patients’ expectations for how their private health information should be treated and physicians’ choices about disclosure and confidentiality resulting in producing a number of unexpected risks (Petronio, et al., 2012).

One type of risk may stem from expectations concerning ownership of personally private information and assumptions regarding authorized co-ownership between patients and providers that can extend too far. With the kind of closeness between the patient and physician that tends to emerge with patient-physician relationships, some physicians blur the co-ownership of privacy boundary lines with patients and experience privacy management predicaments (Petronio, et al., 2012). When patients receive disclosures of a personal nature from their physician they can be placed in an uncomfortable situation. McDaniel, Beckman, Morse, et al. (2007) found that 85% of primary care physicians made such disclosures, and patients reported they did not find the disclosures helpful. Petronio et al. (2012) point out that “unless the disclosure is contextually relevant to the patient’s case or can potentially be used therapeutically, a physician’s personal disclosure can compromise the ability to establish a professional trusting relationship with the patient” (p. 43). While these incidents occur, blurring the privacy boundary lines seems symptomatic of the pressures necessary to navigate the many dimensions of expectations providers have for themselves and that patients have for providers.

Another type of risk factor may arise with the way a physician might present information regarding a patient’s case. Research shows that physicians have used vague descriptions, euphemistic responses, concealment, and medical terms that may not be understood by the patient (e.g., Tuckett, 2004). Reticence of a “full” disclosure by physicians concerning a patient’s medical condition takes many forms. For instance, physicians may invoke their own privacy rule concerning the timing of sharing diagnoses with patients. In many cases, physicians feel it is in the best interest of the patient to withhold information until the test results and other markers are available allowing them to have more certainty about the diagnosis or prognosis.

A difficulty arises when patients are not included in the journey of discovery and can feel surprised when they finally get an answer to the question: “What is wrong with me?” Of course, the actions physicians take make sense theoretically. Nevertheless, patients might feel frustrated with this type of equivocality as they wait for answers about their case. Having periods where there is no disclosure can be scary for patients. Patients often imagine a variety of medical issues when there is ambiguity having no or incomplete information about their own case. Patients can often feel that given they own their private health information, they have the right be apprised of the different steps a physician is taking. The risk of temporary non-disclosure may have consequences for accepting the diagnosis, adherence to provider care instructions or taking medications that hamper good health-care outcomes (Petronio et al., 2012).

While it is clear that there are patient-oriented risks stemming from choices that physicians make regarding health issues, these providers also cope with many personal risks in their practice. Delivering bad news to a patient is challenging, at best, particularly when a physician is new to the profession (Helft & Petronio, 2007). Not having a clear way to make these disclosures belonging to the patient can lead to a “hit and run” strategy where the physician gives the bad news with minimal explanation and immediately leaves the room. The burden of knowing and having to disclose can feel risky even for seasoned doctors. Over time, providers may find ways to cope with feeling uncomfortable telling patients that they have terminal cancer, for example. Yet, being a messenger carrying a patient’s private health information and knowing they must reveal challenging information may still take a toll (Gordon & Daugherty, 2003). As a consequence, judgments of how much information to tell the patient can be tempered by the extent to which the physician judges the prognosis, for instance, can potentially hinder a patient’s hope. However, making a judgment for patients about their private health information may leave patients confused about issues such as how much time they might have with loved ones and ways to prepare family members for an inevitable outcome.

One of the most trying circumstances not only for physicians, patients, and their families but also for the entire medical team is involvement in a medical mistake. Interestingly, in most medical systems, wherever the fault may lie, the primary physician on the case tends to be held responsible. Along with this responsibility, physicians make the disclosure to the patient. In these cases, the risk is high for all implicated, and much of the decision making for knowing and addressing an error event revolves around the way the physician handles the situation. There are many complications for physicians regarding disclosure of medical mistakes or error events. There is a long history of physician reticence concerning disclosure about medical mistakes in general and the specifics surrounding cause. The ethical obligation for physicians to tell patients about mistakes or errors is in tension with their own emotional reaction to being involved in a medical mistake.

Telling patients that something went terribly wrong where the physician is implicated requires being mindful of patients’ emotions and for physicians to check their own emotions before making these intensely problematic types of disclosures to a patient. There is significant stress for the patient in hearing the information and for the physician serving as a messenger and co-owner of the information about the circumstances leading to the error.

Because physicians involved in a medical mistake typically feel a responsibility for negative outcomes, they tend to consider medical mistakes to be personal (Petronio, Torke, Bosslet, Isenberg, Wocial, & Helft, 2013). Often there are feelings of guilt, self-blame, and second guessing. Consequently, these physicians want to protect the error information by treating it more like the information that is within their personally private boundary where they are sole owners of the information rather than co-owners. Given this perspective, physicians may feel that they want to conceal the incident because revealing it has significant consequences such as the potential for being sued or worse and living with the knowledge that the physician injured a patient (Allman, 1998). Physicians, who are among the most committed to their patients, often find that they feel like “second victims” (Seys, Wu, Gerven, Vleugels, Euwema, Panella, Scott, Conway, Sermeus, & Vanhaecht, 2012). They have a difficult time coping with the knowledge they were somehow responsible for a patient’s injuries or death that leads to feelings of inadequacies. As Allman’s research shows, some physicians are never able to move on with some getting divorced or others, tragically, committing suicide.

The complexity of choices about revealing and concealing private health information impacts risk in specific ways for patients and providers. Issues such as delivering bad news, coping with receiving and sending private information about medical mistakes, and recognizing where privacy boundaries begin and end for patients and providers—all of these factors tell an important story about risks embedded in actions taken in where managing private information intersects with health-care delivery.

Discussion of the Literature

There is a need to continue investigating the interface between the ways individuals make decisions about sharing or restricting access to their private health information. Grasping these often subtle issues can lead to recognizing situations that can produce health risks and ways to address these risks. This article offers three rich areas of inquiry that examine issues of privacy, co-ownership, and turbulence within the contexts of HIV/AIDS, cancer management, and patient-provider circumstances. As this discussion points out, using the communication privacy management theoretical frame opens up novel ways to diagnose risk-inducing health matters. Likewise, CPM theory is geared to allow for translating research into meaningful practice. Evidence suggests that CPM theory aids the investigation of a host of health-related topics. For example, researchers examine privacy management of obesity, disabilities, miscarriages, end-of-life care, genetics, surrogate decision making, and celebrity disclosures about health conditions, kidney donor issues, infertility, nursing issues, and child sexual abuse through the lens of CPM. In each study, keys to uncovering the way individuals make privacy management choices demonstrates why health risks occur where confidentiality and expectations about the care of private information are concerned.